summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Sixt <johannes.sixt@telecom.at>2008-09-22 13:03:25 +0200
committerJunio C Hamano <gitster@pobox.com>2008-09-22 09:35:58 -0700
commit79bbc7fb078f8cabe04020c4619be9b571371398 (patch)
treebacda71c02d7e42cc96d2a3f1704b988f9cbaef7
parentcc185a6a8ac24737a26ec4b40cc401c2db8b2e97 (diff)
downloadgit-79bbc7fb078f8cabe04020c4619be9b571371398.tar.gz
git-remote: do not use user input in a printf format string
'git remote show' substituted the remote name into a string that was later used as a printf format string. If a remote name contains a printf format specifier like this: $ git remote add foo%sbar . then the command $ git remote show foo%sbar would print garbage (if you are lucky) or crash. This fixes it. Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--builtin-remote.c18
1 files changed, 8 insertions, 10 deletions
diff --git a/builtin-remote.c b/builtin-remote.c
index 01945a8651..4cb763f989 100644
--- a/builtin-remote.c
+++ b/builtin-remote.c
@@ -407,14 +407,15 @@ static int rm(int argc, const char **argv)
return i;
}
-static void show_list(const char *title, struct string_list *list)
+static void show_list(const char *title, struct string_list *list,
+ const char *extra_arg)
{
int i;
if (!list->nr)
return;
- printf(title, list->nr > 1 ? "es" : "");
+ printf(title, list->nr > 1 ? "es" : "", extra_arg);
printf("\n ");
for (i = 0; i < list->nr; i++)
printf("%s%s", i ? " " : "", list->items[i].string);
@@ -477,7 +478,6 @@ static int show(int argc, const char **argv)
memset(&states, 0, sizeof(states));
for (; argc; argc--, argv++) {
- struct strbuf buf;
int i;
get_remote_ref_states(*argv, &states, !no_query);
@@ -503,18 +503,16 @@ static int show(int argc, const char **argv)
}
if (!no_query) {
- strbuf_init(&buf, 0);
- strbuf_addf(&buf, " New remote branch%%s (next fetch "
- "will store in remotes/%s)", states.remote->name);
- show_list(buf.buf, &states.new);
- strbuf_release(&buf);
+ show_list(" New remote branch%s (next fetch "
+ "will store in remotes/%s)",
+ &states.new, states.remote->name);
show_list(" Stale tracking branch%s (use 'git remote "
- "prune')", &states.stale);
+ "prune')", &states.stale, "");
}
if (no_query)
for_each_ref(append_ref_to_tracked_list, &states);
- show_list(" Tracked remote branch%s", &states.tracked);
+ show_list(" Tracked remote branch%s", &states.tracked, "");
if (states.remote->push_refspec_nr) {
printf(" Local branch%s pushed with 'git push'\n ",